From 494d29a8bcd07e544e8178b140ba3b75bcb3aceb Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Thu, 13 Jun 2013 17:26:47 +0200
Subject: dissector: ip_auth_hdr: Fix possible null pointer dereference

Fix an unconditional dereference of a pkt_pull() return value to prevent
dereferencing a null pointer.

This was found by the Coverity scanner.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
---
 proto_ip_authentication_hdr.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/proto_ip_authentication_hdr.c b/proto_ip_authentication_hdr.c
index 6640918..183d405 100644
--- a/proto_ip_authentication_hdr.c
+++ b/proto_ip_authentication_hdr.c
@@ -54,8 +54,17 @@ static void auth_hdr(struct pkt_buff *pkt)
 	tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi));
 	tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf));
 	tprintf("ICV 0x");
-	for (i = sizeof(struct auth_hdr); i < hdr_len; i++)
-		tprintf("%02x", *pkt_pull(pkt, 1));
+	for (i = sizeof(struct auth_hdr); i < hdr_len; i++) {
+		uint8_t *data = pkt_pull(pkt, 1);
+
+		if (data == NULL) {
+			tprintf("%sinvalid%s", colorize_start_full(black, red),
+				colorize_end());
+			break;
+		}
+
+		tprintf("%02x", *data);
+	}
 	tprintf(" ]\n");
 
 	pkt_set_proto(pkt, &eth_lay3, auth_ops->h_next_header);
-- 
cgit v1.2.3-54-g00ecf